At iHT2-Toronto, Delving Into the Complexity of Data Security Issues, at the Provider and Policy Levels

September 21, 2016
by Mark Hagland
Canadian healthcare leaders parse the complexities of data security at the provider and policy levels

Data security continues to ramp up as a key strategic and tactical issue for healthcare IT leaders across Canada, a panel of industry experts agreed, on Sep. 21, during the first day of the Health IT Summit in Toronto, sponsored by the Institute for Health Technology Transformation (iHT2—a sister organization to Healthcare Informatics under the Vendome Group corporate umbrella), and being held at the Omni King Edward Hotel in downtown Toronto.

The panel discussion was led by Shirley Fenton, vice president and director of the National Institutes of Health Informatics (NIHI—based in Waterloo, Ont.), who is one of the three co-chairs of the Health IT Summit in Toronto. Joining her on the panel were Brendan Seaton, president of the Mississauga, Ont.-based ITAC Health (the Information Technology Association of Canada, Canada’s national healthcare IT vendor association), Alyssa Daku, vice president of strategy, quality, and risk management, at eHealth Saskatchewan (Regina), and Geoff Besko, managing director and enterprise architect at Hilltop Business Solutions (Winnipeg).

Shirley Fenton began the discussion by asking, “How are people’s attitudes towards privacy and security changing now?” ITAC Health’s Seaton said, “A lot of surveys have been funded by Canada’s Health Infoway, and it’s pretty much an axiom that there is significant demand for digital health solutions among the public. However, privacy and security do top the list of consumer concerns. That’s sort of where we are,” he said.

“There is the privacy paradox” in this context, Seaton continued. “All of these surveys in Canada and the U.S. find that privacy and security are top of mind for people and users of information systems. But the paradox is that our behavior doesn’t match. We use easy passwords, we stick our information on post-it notes; and so that’s a real paradox that we information professionals are constantly struggling with. The second thing,” he said, “is the millennial divide. The people who set up these protocols largely are of an older generation. We’re now dealing with a whole generation of people who were weaned on information technology, and who have a very different notion of privacy and security. I’m not saying whether it’s good or bad; it’s just something we need to pay attention to. The third phenomenon is that consumers are taking control. You go to the commercial pharmacy, and they’ve got a nurse practitioner, a pharmacist, a dietician. It’s changing things.”

“I have to agree,” Fenton said. “There seems to be a dichotomy between, I want to share my information, but don’t let it get out to people I don’t want it to get out to. What do you see, in that regard, Alyssa?”

eHealth Saskatchewan’s Daku said, “A few years ago, patient masking was considered to be an enhancement; now it’s an expectation—an expectation that we can control who sees patient information. But there’s also this expectation that my provider can use information easily to support patient care. In Saskatchewan, we have patients who are going to Edmonton or Calgary, and those patients have the expectation that a provider can safely and appropriately access their information in another province. And I don’t think that that’s unreasonable for them to expect that, given the technology. But it does place expectations on us as IT professionals.”

“What does all this mean, in terms of providing services?” Fenton asked her fellow panelists.

“We work with organizations across the country, and one of the things we’re seeing is the whole phenomenon of consumer health,” Seaton said. “So every jurisdiction is waking up to the fact that consumers are taking charge of their own health, and the technology industry is cranking up big-time for that. Probably what started this whole thing was the advent of the smartphone. That is many consumers’ entryway to healthcare. And the applications being developed by hundreds, if not thousands, of small start-up companies—all of that is driving a sea change in how we’re having to look at the whole healthcare system.”

Meanwhile, Besko said, “The data breaches are becoming very critical. The focus had been around insider threats. But now, phishing attacks and ransomware issues are accelerating quite dramatically. Here’s a recent statistic I got from Symantec,” he said: “the number of ransomware attacks has increased by 300 percent per day in the first quarter of this year—all of that is problematic. And in U.S. healthcare, the number of directed attacks—just the top 10 breaches last year, 111 million records were compromised.”

What’s more, Besko noted, “With the number of medical devices now being attached to medical devices, as well as wearable devices, you’re seeing a greater extent of vulnerability now. And we’ve seen scenarios in other industries where organizations have been compromised by the addition of these data entry points,” he said. “So we have to think about how the connected medical device affects all this. A lot of these things are changing the risk profile. These things are required by and are demanded by consumers and providers, and as security professionals, we have to figure out how to address the challenge.”

“Yes, there certainly are concerns,” Fenton said. “I’ve heard of where a baby monitor was hacked, and the hacker was speaking to the parents through the baby monitor. So this is really scary stuff. Alyssa, how do you see this?”